<?php
/**
 * File:userControl.php
 * @author: CIS505 ATeam
 * @version: 2012-11-29
 * Purpose: add user form
 */

/**
 * authenticate user
 */
session_start();
$userID = $_SESSION['userID'];
$userName = $_SESSION['userName'];

if (isset($_SESSION['userID'])){

require_once("userView.php");
require_once("userStorage.php");
require_once("util.php");
require_once("header.php");
require_once("nav.php");


processUser( );
}
else echo "<br /><br />Please<a href=../index.php>Click Here</a> to log in.";


/**
 * processUser
 * controls execution of add user and user list view
 */
function processUser( )
{
  $out = "";
  $errorMsg = "";

  displayHeader( );
  displayNav( );
  $errorMsg = processUserForm( );
  displayUserDataForm( ); // calls service in userView.php
  $out = processUserListing( );
  displayErrorMessage($errorMsg); // calls service in addUserView.php
  displayUserList($out); // calls service in userView.php
}

/**
 * add new user
 * Gets user data from the user and inserts it in the database.
 * @return strin error message produced by the call to the
 *   validateUserData( ) function.
 */
function processUserForm( )
{
  $foreName = "";
  $surName = "";
  $userName = "";
  $eMail = "";
  $password = "";

  $errorMsg = ""; // to store error message return by validateUserData()

  //page serverd by th web server when userControl.php URL submitted by the browser

  if (!isset($_POST['submitBttn'])) {
    displayWelcomeMessage( );
  }

  // page served when user viewing the page selects submitBttn from form
  else {
    // sanitizes fields function found in /common/util.php
    $foreName = sanitize($_POST['foreName']);
    $surName = sanitize($_POST['surName']);
    $userName = sanitize($_POST['userName']);
    $eMail = sanitize($_POST['eMail']);
    $password = sanitize($_POST['password']);

    if ($errorMsg == "") { // proceed with insert

      // inserts the user found in addUserstorage.php
      insertUser($foreName, $surName, $userName, $eMail, $password);

     }
  }
  return $errorMsg;
}


/**
 * checks status of delete button
 *   if delete is pushed, record is set to an inactive status
 *     if not, displays user list
 *
 * gets all user records from the user table in cWeb DB by calling
 *  selectAllUser() found in addUserStorage.php
 */
function processUserListing( )
{
  $out = "";
  $oneUser = array( ); // associative array that holds user record data
  $users = array( ); // indexed array of user data

  // if delete button is pressed
  if (isset($_POST['delete'])) {
    $userID = $_POST['userID'];

    deleteUser($userID);
  }

  // if edit button is pressed
  if (isset($_POST['update'])) {
    $userID = $_POST['userID'];
    $foreName = sanitize($_POST['foreName']);
    $surName = sanitize($_POST['surName']);
    $userName = sanitize($_POST['userName']);
    $eMail = sanitize($_POST['eMail']);

  //debug(": edit \$_POST", $_POST);

    editUser($userID, $foreName, $surName, $userName, $eMail);
  }

  // if search button is pressed
  if (isset($_POST['searchButton'])) {
    $searchField = $_POST['criteria'];
    $searchFor = sanitize($_POST['search']);
    $outerSort = $_POST['outerSort'];
    $innerSort = $_POST['innerSort'];
    $howMany = $_POST['howMany'];
    $users = selectSearchedUsers($searchField, $searchFor, $outerSort, $innerSort, $howMany);

  }
  else {
    $users = selectAllUsers( );
  }

  foreach ($users as $oneUser) {
    $out = $out . displayOneUserList($oneUser['userID'],
                                     $oneUser['foreName'],
                                     $oneUser['surName'],
                                     $oneUser['userName'],
                                     $oneUser['eMail'],
                                     $oneUser['recordAddDate']);
    }

  return $out;
}

?>